SCIENTIFIC-LINUX-ERRATA Archives

November 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
Security Errata for Scientific Linux <[log in to unmask]>
Date:
Tue, 13 Nov 2007 16:51:14 -0600
MIME-version:
1.0
Reply-To:
Troy Dawson <[log in to unmask]>
Content-type:
text/plain; format=flowed; charset=ISO-8859-1
Subject:
From:
Troy Dawson <[log in to unmask]>
Content-transfer-encoding:
7BIT
Comments:
Parts/Attachments:
text/plain (135 lines)
Synopsis:	Moderate: conga security, bug fix, and enhancement update
Issue date:	2007-11-07
CVE Names:	CVE-2007-4136

A flaw was found in ricci during a code audit.  A remote attacker who is
able to connect to ricci could cause ricci to temporarily refuse additional
connections, a denial of service (CVE-2007-4136).

Fixes in this updated package include:

* The nodename is now set for manual fencing.

* The node log no longer displays in random order.

* A bug that prevented a node from responding when a cluster was deleted is
now fixed.

* A PAM configuration that incorrectly called the deprecated module
pam_stack was removed.

* A bug that prevented some quorum disk configurations from being accepted
is now fixed.

* Setting multicast addresses now works properly.

* rpm -V on luci no longer fails.

* The user interface rendering time for storage interface is now faster.

* An error message that incorrectly appeared when rebooting nodes during
cluster creation was removed.

* Cluster snaps configuration (an unsupported feature) has been removed
altogether to prevent user confusion.

* A user permission bug resulting from a luci code error is now fixed.

* luci and ricci init script return codes are now LSB-compliant.

* VG creation on cluster nodes now defaults to "clustered".

* An SELinux AVC bug that prevented users from setting up shared storage on
nodes is now fixed.

* An access error that occurred when attempting to access a cluster node
after its cluster was deleted is now fixed.

* IP addresses can now be used to create clusters.

* Attempting to configure a fence device no longer results in an
AttributeError.

* Attempting to create a new fence device to a valid cluster no longer
results in a KeyError.

* Several minor user interface validation errors have been fixed, such as
enforcing cluster name length and fence port, etc.

* A browser lock-up that could occur during storage configuration has been
fixed.

* Virtual service creation now works without error.

* The fence_xvm tag is no longer misspelled in the cluster.conf file.

* Luci failover forms are complete and working.
* Rebooting a fresh cluster install no longer generates an error message.

* A bug that prevented failed cluster services from being started is now
fixed.

* A bug that caused some cluster operations (e.g., node delete) to fail on
clusters with mixed-cased cluster names is now fixed.

* Global cluster resources can be reused when constructing cluster
services.

Enhancements in this updated package include:

* Users can now access Conga through Internet Explorer 6.

* Dead nodes can now be evicted from a cluster.

* Shared storage on new clusters is now enabled by default.

* The fence user-interface flow is now simpler.

* A port number is now shown in ricci error messages.

* The kmod-gfs-xen kernel module is now installed when creating a cluster.

* Cluster creation status is now shown visually.

* User names are now sorted for display.

* The fence_xvmd tag can now be added from the dom0 cluster nodes.

* The ampersand character (&) can now be used in fence names.

* All packaged files are now installed with proper owners and permissions.

* New cluster node members are now properly initialized.

* Storage operations can now be completed even if an LVM snapshot is 
present.

* Users are now informed via dialog when nodes are rebooted as part of a
cluster operation.

* Failover domains are now properly listed for virtual services and
traditional clustered services.

* Luci can now create and distribute keys for fence_xvmd.

SL 5.x

   SRPMS:
conga-0.10.0-6.el5.src.rpm

   i386:
luci-0.10.0-6.el5.i386.rpm
ricci-0.10.0-6.el5.i386.rpm
cluster-cim-0.10.0-5.el5.i386.rpm
cluster-snmp-0.10.0-5.el5.i386.rpm
modcluster-0.10.0-5.el5.i386.rpm
   x86_64:
luci-0.10.0-6.el5.x86_64.rpm
ricci-0.10.0-6.el5.x86_64.rpm
cluster-cim-0.10.0-5.el5.x86_64.rpm
cluster-snmp-0.10.0-5.el5.x86_64.rpm
modcluster-0.10.0-5.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2